A DPA Attack on the Improved Ha-Moon Algorithm

Algorithm

Dong Jin PARK and Pil Joong LEE

Information Security Laboratory, Dept. of EEE, POSTECH, Pohang, Korea

[email protected], [email protected]

Abstract. The algorithm proposed by Ha and Moon [2] is a counter-measure against power analysis. The Ha-Moon algorithm has two draw-backs in that it requires an inversion and has a right-to-left approach. Recently, Yen, Chen, Moon and Ha improved the algorithm by removing these drawbacks [7]. Their new algorithm is inversion-free, has a left-to-right approach and employs a window method. They insisted that their algorithm leads to a more secure countermeasure in computing modular exponentiation against side-channel attacks. This algorithm, however, still has a similar weakness observed in [1, 6]. This paper shows that the improved Ha-Moon algorithm is vulnerable to differential power analysis even if we employ their method in selectingsi.

Keywords:Ha-Moon algorithm, randomized exponentiation algorithm, side-channel attack.

1

Introduction

In 2002, Ha and Moon proposed an algorithm in order to prevent power analysis [2]. The Ha-Moon algorithm randomizes a secret exponent into a signed binary representation. Many researchers are interested in this algorithm because of its simplicity and efficiency. Two drawbacks of the Ha-Moon algorithm are that it requires an inversion of a group element and recodes an exponent into a randomized representation from LSB to MSB (i.e. right-to-left).

Recently, Yen, Chen, Moon and Ha improved these drawbacks of the Ha-Moon algorithm [7]; their new algorithm (improved Ha-Ha-Moon algorithm) has a left-to-right approach and does not require an inversion of a group element. Thus, their algorithm can be applied in computing modular exponentiations, such as RSA and DSA. They insisted that their algorithm leads to a more se-cure countermeasure implementing exponentiation against side-channel attacks. However, this paper shows that the improved Ha-Moon algorithm is still vul-nerable to differential power analysis (DPA) [3, 4]. Thus, the improved Ha-Moon algorithm should not be implemented in restricted environments, such as smart cards, for which it was originally designed.

?

The remainder of this paper organized as follows: In Section 2, we briefly review the improved Ha-Moon algorithm. In Section 3, we propose an attack method that shows the improved Ha-Moon algorithm is still vulnerable to DPA.

2

Improved Ha-Moon Algorithm

This section summarizes the improved Ha-Moon Algorithm. See [7] for details.

2.1 Brief Description

Algorithm 1. Improved Ha-Moon algorithm with 2-bit window (Fig. 3 in [7])

Input:g, K= (kn−1,· · ·, k0)2wherenis even and (kn−1kn−2)2= (01)2,(10)2,or (11)2

Output:gK

1. R[0] = 1;R[1] =g

2. Precomputation:R[2] =g2_{,· · ·, R[14] =g}14 3. s=−(kn−1kn−2)2

4. forifromn−4 downto 0 step−2 do 4.1 d=−4s

4.2 s=RandomInteger(−1,−3) 4.3 R[0] =R[0]4

4.4 R[0] =R[0]×R[d+s+ (ki+1ki)2] 5. R[0] =R[0]×R[−s]

6. outputR[0]

The improved Ha-Moon algorithm is a left-to-right, inversion-free, and window1 method. In this algorithm, a randomized exponent d0_i is recoded from the fol-lowing equation:

d0_i−si= (ki+1ki)2−4si+2

where (ki+1ki)2 is a secret exponent to be recoded and si ∈R {−1,−2,−3}

which introduces randomness in the representation. Sinced0_i becomes a positive integer for all i, there is no inversion operation in Algorithm 1. In Algorithm 1, there are always two squarings and multiplication sequences, which are not dummy operations. Thus, the improved algorithm can resist SPA-like attacks, such as [5], and the safe-error attack [8]. Also, the improved Ha-Moon algorithm may resist Fouqueet al.’ attack [1], because each probability of state transitions seems to be equal.

1

2.2 Weakness of the Improved Ha-Moon Algorithm

However, the improved Ha-Moon algorithm has a weakness similar to the orig-inal Ha-Moon algorithm in that there are a few possible intermediate values [1, 6]. After processing (ki+1ki)2 in Step 4.4, Algorithm 1, R[0] becomes one of g(kn−1···ki)2−1_{, g}(kn−1···ki)2−2_{, and g}(kn−1···ki)2−3_{. In other words, there are} only three possible intermediate values in any iteration. Table 1 shows differ-ent pattern of intermediate values according to (ki+1ki)2. Each occurrence of

g4(kn−1···ki+2)2+xi _{given (kn}

−1· · ·ki+2)2 can be checked by DPA, such as ZEMD attack [4]. For example, (ki+1ki)2= 0 results peaks inxi=−3,−2, and−1 and (ki+1ki)2= 1 inxi =−2,−1, and 0. Thus, we can find a correct (ki+1ki)2given (kn−1· · ·ki+2)2.

Note that, in this attack, a third of the samples are meaningful and the others are treated as noise, because the possible distribution of intermediate values is three.

Table 1.Intermediate values,g4(kn−1···ki+2)2+xi_{, after processing (k} i+1ki)2

xi

(ki+1ki)2 −3 −2 −1 0 1 2

0

1

2

3

2.3 Yen et al.’s Method

Yenet al.suggested a method to prevent this attack. Their method is selecting

si = −1 or −2 when (ki+1ki)2 = 0 or 2 as well as selecting si = −2 or −3 when (ki+1ki)2 = 1 or 3. The allowed parameters are summarized in Table 2. Their method can make (ki+1ki)2= 0 and 1(2 and 3) indistinguishable. For this reason, they insisted that the attack in the previous section can be avoided by this method.

3

Proposed Attack

Unfortunately, Yen et al.’s method does not provide additional randomness in the intermediate values. The indistinguishability after processing (ki+1ki)2 can be removed in the successive iteration. After processing (ki−1ki−2)2 in Step 4.4, Algorithm 1, R[0] becomes

Table 2.Parameters with the Yenet al.’s method

si+2(ki+1ki)2 (si, d0i)

−1 0 (−2, 2) or (−1, 3)

−1 1 (−3, 2) or (−2, 3)

−1 2 (−2, 4) or (−1, 5)

−1 3 (−3, 4) or (−2, 5)

−2 0 (−2, 6) or (−1, 7)

−2 1 (−3, 6) or (−2, 7)

−2 2 (−2, 8) or (−1, 9)

−2 3 (−3, 8) or (−2, 9)

−3 0 (−2, 10) or (−1, 11)

−3 1 (−3, 10) or (−2, 11)

−3 2 (−2, 12) or (−1, 13)

−3 3 (−3, 12) or (−2, 13)

wheresi−2∈ {−1,−2,−3}. Table 3 shows possible values ofR[0] after processing (ki−1ki−2)2. If (kn−1· · ·ki+2)2is known, we can determine (ki+1ki)2and classify (ki−1ki−2)2 into a groupA(0 or 1) or a groupB (2 or 3).

Algorithm 2. ZEMD-like attack on the improved Ha-Moon algorithm

Output:K

1. gather sufficiently many power trace samples ofgK

w for differentgw’s. 2. forifromn−2 downto 2 step−2 do

2.1 forxfrom−2 to 13 step 1 do

2.1.1 divide the samples into two setsS1 andS2 according to a decision function, such as the Hamming weight ofg16(kn−1···ki+2)2+x

w

2.1.2 get the bias signal asD= average(S1)−average(S2) 2.1.3 record an appearance of a spike in D

2.2 determine (ki+1ki)2and classify (ki−1ki−2)2into a groupAorB according to

records in Step 2.1.3 3. guess (k1k0)2

4. outputK

For example, if a spike is recorded in Step 2.1.3, Algorithm 2 when x= 6 and (or) 7, then we can find that (ki+1ki)2 is 2 and (ki−1ki−2)2 is classified into a group A. Thus, we can determine a secret exponent K except (k1k0)2, of which we can classify the group, Aor B; the size of the search space from the remaining ambiguity in (k1k0)2 is only two. In addition, our attack does not assume anything beyond ZEMD attack.

Table 3.Intermediate values,g16(kn−1···ki+2)2+xi−2_{, after processing (k}

i−1ki−2)2

xi−2

(ki+1ki)2 −2 −1 0 1 2 3 4 5 6 7 8 9 10 11 12 13

0 A A B B

1 A A B B

2 A A B B

3 A A B B

Ameans (ki−1ki−2)2 = 0 or 1, and

B means (ki−1ki−2)2 = 2 or 3.

increase the complexity of DPA significantly, but only decrease the rate in inverse proportion to the range.

4

Conclusion

The improved Ha-Moon algorithm introduced interesting properties, such as a left-to-right approach, inversion-free and window method. This paper, however, shows that the improved Ha-Moon algorithm does not resolve one critical prop-erty of the Ha-Moon algorithm: its vulnerability to DPA. The improved Ha-Moon algorithm should be used with another randomizing countermeasure.

References

1. P.-A. Fouque, F. Muller, G. Poupard and F. Valette, “Defeating countermeasures based on randomized BSD representation,”CHES 2004,LNCS 3156, pp. 312–327, Springer-Verlag, 2004.

2. J. C. Ha and S. J. Moon, “Randomized signed-scalar multiplication of ECC to resist power attacks,”CHES 2002,LNCS 2523, pp. 551–563, Springer-Verlag, 2002. 3. P. Kocher, J. Jaffe and B. Jun, “Differential power analysis,”CRYPTO 1999,LNCS

1666, pp. 388–397, Springer-Verlag, 1999.

4. T. S. Messerges, E. A. Dabbish and R. H. Sloan, “Power analysis attacks of modular exponentiation in smartcards,” CHES 1999, LNCS 1717, pp. 144–157, Springer-Verlag, 1999.

5. K. Okeya and D.-G. Han, “Side channel attack on Ha-Moon’s countermeasure of randomized signed scalar multiplication,”INDOCRYPT 2003,LNCS 2904, pp. 334– 348, Springer-Verlag, 2003.

6. S. G. Sim, D. J. Park and P. J. Lee, “New power analyses on the Ha-Moon algorithm and the MIST algorithm,”ICICS 2004, LNCS 3269, pp. 291–304, Springer-Verlag, 2004.